If this is your first visit, be sure to
check out the FAQ by clicking the
link above. You may have to register
before you can post: click the register link above to proceed. To start viewing messages,
select the forum that you want to visit from the selection below.

Is MS ISA server SECURE??

In my experience Microsoft and secure and not used in the same sentence. In my company they had a contractor sell them an ISA server. I always thought that if Microsoft makes (or acquires) it.. Swiss cheese comes to mind.
Please let me know if ISA is a false sense of security. Or did MS get this one right this time.

Do you have it configured properly?
Do you have it patched up?
Do you have the host locked down?
What exactly are the requirements/purpose of the server?

Everything and nothing is secure depending upon who sets it up.

And ...

What OS is it running on?
Is the OS up to date and patched?

Specific to ISA, what role is it supposed to play? Firewall, Proxy, packet filter?

I have an ISA running, on Win2k3 SP1, not joined to the domain and dual homed (one public and shielded and the other private). As bulletproof as I can make it.

As with anything, you need to understand the product, know how to maintain it and keep things maintained.

I'll be a little more blunt than our friendly horse. No, ISA, in and of itself, is not secure. Installed on a securely configured OS, and configured and maintained correctly, yes, it can be reasonably secure. No more or less than anything else.